{"report_id":"cfc620fb-a18c-484e-a50c-d80e91dff60f","version":6,"status":"done","tags":[],"date":"2025-06-15T09:06:09Z","url":{"schema":"http","addr":"cdn.4446k.com/","fqdn":"cdn.4446k.com","domain":"4446k.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":0,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"cdn.4446k.com/","fqdn":"cdn.4446k.com","domain":"4446k.com","tld":"com"},"title":"Surveza"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-24T09:06:09Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":8877,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-06-11T15:12:46.86911Z","alert_count":0,"request_count":1,"received_data":4135,"sent_data":495,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cdn.4446k.com","ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2023-03-02","domain_rank":0,"first_seen":"2025-05-30T18:16:29.070821Z","last_seen":"2025-06-07T13:10:51.830765Z","alert_count":0,"request_count":4,"received_data":22710,"sent_data":1794,"comment":"","tags":null,"fingerprints":null},{"fqdn":"my.rtmark.net","ip":{"addr":"172.64.146.234","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2014-10-29","domain_rank":9054,"first_seen":"2015-02-04T09:54:57Z","last_seen":"2025-06-12T07:59:38.399482Z","alert_count":0,"request_count":2,"received_data":2114,"sent_data":1038,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-06-11T15:09:13.311764Z","alert_count":0,"request_count":1,"received_data":28071,"sent_data":562,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2025-06-15T09:05:45Z","timestamp":1749978345,"ip_dst":{"addr":"192.169.69.26","port":80,"asn":27323,"as":"SERVERSTADIUM","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.6","port":53610,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-06-15T09:05:45.359250+0000\",\"flow_id\":1743346757437019,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.6\",\"src_port\":53610,\"dest_ip\":\"192.169.69.26\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"free-pay404.duckdns.org\",\"url\":\"/7ba1661241b9d9950ba7bf03a52febbc/Credit%20card.php?cmd=_account-details\u0026session=f6369b3714cb569b291422954c971ace\u0026dispatch=f9437522a672d8c66b6dd8c862842e46f2553d27\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":2,\"bytes_toserver\":752,\"bytes_toclient\":116,\"start\":\"2025-06-15T09:02:42.099931+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-06-15T09:06:00Z","timestamp":1749978360,"ip_dst":{"addr":"192.169.69.26","port":80,"asn":27323,"as":"SERVERSTADIUM","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.6","port":53554,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-06-15T09:06:00.133638+0000\",\"flow_id\":485509750118095,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.6\",\"src_port\":53554,\"dest_ip\":\"192.169.69.26\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"free-pay404.duckdns.org\",\"url\":\"/7ba1661241b9d9950ba7bf03a52febbc/Credit%20card.php?cmd=_account-details\u0026session=f6369b3714cb569b291422954c971ace\u0026dispatch=f9437522a672d8c66b6dd8c862842e46f2553d27\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":2,\"bytes_toserver\":752,\"bytes_toclient\":116,\"start\":\"2025-06-15T09:02:40.841423+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"my.rtmark.net/p.js?f=sync\u0026lr=1\u0026partner=a86cac3c7b90fe9e4a995ae094e38cb961f30649a9539312ee91a6c1ceaf4c58","fqdn":"my.rtmark.net","domain":"rtmark.net","tld":"net"},"ip":{"addr":"172.64.146.234","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"8020afe5f9f51629456f6e2f2052a7d6","sha1":"4cc2172d0e7602194ea5a2c2d5985d40c463ea2e","sha256":"059193435857a2b3d0cd241e54db354c1e3088cc46a82f05a0e77b16926b3f92","sha512":"6cdcd888c6def301842aa9983194f909b55d0757cafac445785d4c960bd003216e236578db578e34b6892ac46239028c5c9a7e99a40690ce6e261bc4b1b7bfb4","ssdeep":"","tlshash":"d301c07d5bc6206414f635802b3abb4b383713be2ca75805898c4414b258bafb21acec","size":697,"data":"","first_seen":"2025-06-06T00:54:42.77526Z","last_seen":"2026-04-03T23:08:14.826652Z","times_seen":587,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.4446k.com/","fqdn":"cdn.4446k.com","domain":"4446k.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"0800ba78a91dfeae1b4316f3dc3a35b1","sha1":"2ae47acd1cfa305386e562817189427c08373584","sha256":"f50ed059282453f41bc8523a06f48439da91bf5be87e99162765eef50913af2f","sha512":"ca2061e2ebba91b22e4b98877a16d6fc6bc4b8bb3c572e47ee1cf2b26c1b88adf263c2c482a76e87dfcf8b41d9aebec8e04f9579eb9e73b09231f459db368a3f","ssdeep":"","tlshash":"b501a24918fc5034026bb1b95ebf95193524010f2d496d297d5d95114f58b7e18f7e4c","size":738,"data":"","first_seen":"2025-06-06T00:54:42.789545Z","last_seen":"2025-12-08T00:18:46.353007Z","times_seen":517,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Plus+Jakarta+Sans:ital,wght@0,200..800;1,200..800\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://cdn.4446k.com/","date":"2025-06-15T09:05:47.604Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 19 May 2025 08:42:52 GMT","end":"Mon, 11 Aug 2025 08:42:51 GMT"},"fingerprint":{"sha1":"FF:78:1F:2C:E7:6A:27:90:8B:25:07:97:DD:25:4A:FA:6F:1F:0F:31","sha256":"46:34:EF:F1:07:35:F3:50:D2:53:87:CF:51:D3:56:88:91:89:0F:D5:68:8D:1D:FC:FA:13:96:FA:D6:1F:8A:89"}}},"request":{"raw":"GET /css2?family=Plus+Jakarta+Sans:ital,wght@0,200..800;1,200..800\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.4446k.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":183,"data":"{\"head\":{\"locale\":\"en-US\",\"currency\":\"USD\",\"site\":\"EN\",\"source\":\"Online\",\"vid\":\"1749978321926.6eb8xFPUkTuZ\"},\"vid\":\"1749978321926.6eb8xFPUkTuZ\",\"requestModule\":1,\"hasNewUserTag\":true}"}},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sun, 15 Jun 2025 09:05:47 GMT\r\ndate: Sun, 15 Jun 2025 09:05:47 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3449,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"3bb9be4e6343bcd36a0fdab65b6c21fa","sha1":"d072a54a224ac0957c263579b3a3cf05532da9c2","sha256":"73ee8b8e355066a13038b1634d48cc5327116e0979bb8c10833c12841eb86d5f","sha512":"60731bce9cce9a7179b47b6a31288e716ab1a8445ed3b4bfe9f9c46d22df7a2a6266c1f869d5ef964575a3377c39e5b590ffc2c11dc0b7deb97f636b02e71cdf","ssdeep":"","tlshash":"6c61c390052f9540ea831dc663cf3f3a9e5e61a5705584f9affd0848ec6ac2a73b1b1c","first_seen":"2025-06-05T19:50:12.466271Z","last_seen":"2025-09-10T05:10:36.20228Z","times_seen":102,"resource_available":false,"data":null}},"time_used":319,"timings":{"blocked":140,"dns":1,"connect":20,"send":0,"wait":31,"receive":0,"ssl":123},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.4446k.com/assets/logo.svg","fqdn":"cdn.4446k.com","domain":"4446k.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://cdn.4446k.com/","date":"2025-06-15T09:05:47.606Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.4446k.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Wed, 07 May 2025 10:11:43 GMT","end":"Tue, 05 Aug 2025 10:11:42 GMT"},"fingerprint":{"sha1":"91:71:B0:EF:9F:13:15:7D:CE:D7:6F:75:10:47:6E:AB:1E:82:11:2D","sha256":"6F:DC:DD:97:EE:76:A4:49:FD:D3:A7:2B:C6:21:ED:AB:17:82:F3:D9:A3:6E:6D:82:D5:67:5E:31:CC:B5:2C:CC"}}},"request":{"raw":"GET /assets/logo.svg HTTP/1.1\r\nHost: cdn.4446k.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.4446k.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":1973,"data":"{\"signature\":\"UxFdVMwNFNwN0wzODEybVeyJhZF9sb2FkZWRfY2FsbGJhY2siOnsiY29udGFpbmVyTmFtZSI6InJzIiwiYWRzTG9hZGVkIjp0cnVlLCJjYWxsYmFja09wdGlvbnMiOnsiY2FmUmVxdWVzdEFjY2VwdGVkIjp0cnVlLCJjYWZTdGF0dXMiOnsiY2xpZW50IjoicGFydG5lci1kcC1ib2RpczMxXzNwaCIsImFkdWx0IjpmYWxzZX19fSwiYXBwX3ZlcnNpb24iOiIwLjcuNiIsImNhZl9jbGllbnRfaWQiOiJwYXJ0bmVyLWRwLWJvZGlzMzFfM3BoIiwiY2FmX3RpbWVkX291dCI6ZmFsc2UsImNhZl9sb2FkZWRfbXMiOjUwOSwiY2hhbm5lbCI6InBpZC1ib2Rpcy1nY29udHJvbDk3LHBpZC1ib2Rpcy1nY29udHJvbDEwOSxwaWQtYm9kaXMtZ2NvbnRyb2w0MzYscGlkLWJvZGlzLWdjb250cm9sMTUxLHBpZC1ib2Rpcy1nY29udHJvbDE2MiIsImRlc2t0b3AiOnRydWUsInRlcm1zIjoiIiwiZmRfc2VydmVyX2RhdGV0aW1lIjoxNzQ5OTc4MjkyLCJmZF9zZXJ2ZXIiOiJpcC0xMC0yMDEtNDAtNDQuZXUtd2VzdC0xLmNvbXB1dGUuaW50ZXJuYWwiLCJmbGV4X3J1bGUiOm51bGwsImhvc3QiOiJ3dzI1Lnk2c3d3eWYzd2Iuc3VpamlkYW9oeGwudG9wIiwiaXAiOiI5MS45MC40Mi4xNTQiLCJpdnQiOmZhbHNlLCJtb2JpbGUiOmZhbHNlLCJwYWdlX2hlYWRlcnMiOnt9LCJwYWdlX2xvYWRlZF9jYWxsYmFjayI6eyJyZXF1ZXN0QWNjZXB0ZWQiOnRydWUsInN0YXR1cyI6eyJjbGllbnQiOiJwYXJ0bmVyLWRwLWJvZGlzMzFfM3BoIiwiYWR1bHQiOmZhbHNlfX0sInBhZ2VfbWV0aG9kIjoiR0VUIiwicGFnZV9yZXF1ZXN0Ijp7InN1YmlkMSI6IjIwMjUwNjE0LTAxMDMtNTYwZS1iNGZmLTZhMmEwOTkxODkzMyJ9LCJwYWdlX3RpbWUiOjE3NDk5NzgyOTIsInBhZ2VfdXJsIjoiaHR0cDovL3d3MjUueTZzd3d5ZjN3Yi5zdWlqaWRhb2h4bC50b3AvP3N1YmlkMT0yMDI1MDYxNC0wMTAzLTU2MGUtYjRmZi02YTJhMDk5MTg5MzMiLCJ0YWJsZXQiOmZhbHNlLCJ0ZW1wbGF0ZV9pZCI6MzQ1LCJ0eXBlIjoidmlzaXQiLCJ1c2VyX2hhc19hZF9ibG9ja2VyIjpudWxsLCJ1c2VyX2lkIjoyMjI4MywidXVpZCI6IjU5ZWNhNGUyLWUzNDUtNDFlOC05YzViLWMwM2U4YjkxMWU0NSIsInplcm9jbGljayI6e30sInBvcHVwIjpmYWxzZSwidGltZXpvbmVfb2Zmc2V0IjowLCJ1c2VyX3ByZWZlcmVuY2UiOnsibG9jYWxlIjoiZW4tVVMiLCJjYWxlbmRhciI6ImdyZWdvcnkiLCJudW1iZXJpbmdTeXN0ZW0iOiJsYXRuIiwidGltZVpvbmUiOiJVVEMiLCJ5ZWFyIjoibnVtZXJpYyIsIm1vbnRoIjoibnVtZXJpYyIsImRheSI6Im51bWVyaWMifSwidXNlcl91c2luZ19kYXJrbW9kZSI6ZmFsc2UsInVzZXJfc3VwcG9ydHNfZGFya21vZGUiOnRydWUsIndpbmRvd19yZXNvbHV0aW9uIjp7IndpZHRoIjoxMjgwLCJoZWlnaHQiOjEwMjR9LCJzY3JlZW5fcmVzb2x1dGlvbiI6eyJ3aWR0aCI6MTI4MCwiaGVpZ2h0IjoxMDI0fSwiZnJhbWUiOm51bGx9\"}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 15 Jun 2025 09:05:47 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 5340\r\nserver: nginx\r\nlast-modified: Fri, 06 Jun 2025 09:47:40 GMT\r\netag: \"6842b93c-14dc\"\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nexpires: Tue, 17 Jun 2025 09:05:47 GMT\r\ncache-control: max-age=172800\r\nvary: Accept-Encoding\r\nx-cdn-host-id: ah0543\r\nx-proxy-cache: MISS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5340,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"00057ee28caa16cf1a6b4d6df7a96611","sha1":"0768cdd6649ea853efa76057cd547cb7384f65ab","sha256":"f642b61d06ab65f58529f9a69bd21032d50967ae3b1a199a4ff7df4a7c167d55","sha512":"27c4c5367f761283ea9cd0833b4ea80abeface353fc71ba60251c2908a7ef66911ea7e2e3e7f0e346be23fcaa7d913d5edac9faec6947509b8f2da647c2a3498","ssdeep":"96:AOnZxLh1+RrvFA1Sg6xgnnETHTRnTqGPhTwwoV1CiJAiaUIHPXlh3vP7zDWD3TQv:zZxL2bFA1D6Sn0TRnnPhpoV1M5HHP1hj","tlshash":"a6b143de77b422f4f189e7e9e61014783c6f64ba2f628f78cb7918a8b58144cd4648d0","first_seen":"2025-06-06T00:54:42.780021Z","last_seen":"2026-04-03T23:08:14.82894Z","times_seen":587,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"my.rtmark.net/p.js?f=sync\u0026lr=1\u0026partner=a86cac3c7b90fe9e4a995ae094e38cb961f30649a9539312ee91a6c1ceaf4c58","fqdn":"my.rtmark.net","domain":"rtmark.net","tld":"net"},"ip":{"addr":"172.64.146.234","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://cdn.4446k.com/","date":"2025-06-15T09:05:47.607Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"my.rtmark.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 02 May 2025 11:10:51 GMT","end":"Thu, 31 Jul 2025 12:10:47 GMT"},"fingerprint":{"sha1":"61:93:FB:BF:25:C3:CE:7B:CB:69:5D:87:04:AA:ED:1B:35:8D:44:82","sha256":"2F:CB:F2:70:8A:C5:50:57:3B:93:56:95:F9:30:FB:DF:B1:05:75:01:74:1C:42:6B:4D:C3:6A:68:D7:F5:A0:20"}}},"request":{"raw":"GET /p.js?f=sync\u0026lr=1\u0026partner=a86cac3c7b90fe9e4a995ae094e38cb961f30649a9539312ee91a6c1ceaf4c58 HTTP/1.1\r\nHost: my.rtmark.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.4446k.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":543,"data":"data=%7B%22appId%22%3A%2221144%22%2C%22params%22%3A%22%7B%5C%22deviceId%5C%22%3A%5C%22%5C%22%2C%5C%22utdid%5C%22%3A%5C%22%5C%22%2C%5C%22aggrement_version%5C%22%3A%5C%221%5C%22%2C%5C%22language%5C%22%3A%5C%22en%5C%22%2C%5C%22shipToCountry%5C%22%3A%5C%22NO%5C%22%2C%5C%22member_seq%5C%22%3A%5C%22%5C%22%2C%5C%22gdpr%5C%22%3A%5C%22%5C%22%2C%5C%22locale%5C%22%3A%5C%22en_NO%5C%22%2C%5C%22currency%5C%22%3A%5C%22NOK%5C%22%2C%5C%22clientType%5C%22%3A%5C%22pc%5C%22%2C%5C%22cookieId%5C%22%3A%5C%22%5C%22%2C%5C%22osf%5C%22%3A%5C%22index%5C%22%7D%22%7D"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 15 Jun 2025 09:05:47 GMT\r\ncontent-type: text/javascript\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token\r\naccess-control-expose-headers: Authorization\r\naccess-control-allow-credentials: true\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\ncf-ray: 9500e860af82b527-OSL\r\ncontent-encoding: gzip\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":697,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text","md5":"8020afe5f9f51629456f6e2f2052a7d6","sha1":"4cc2172d0e7602194ea5a2c2d5985d40c463ea2e","sha256":"059193435857a2b3d0cd241e54db354c1e3088cc46a82f05a0e77b16926b3f92","sha512":"6cdcd888c6def301842aa9983194f909b55d0757cafac445785d4c960bd003216e236578db578e34b6892ac46239028c5c9a7e99a40690ce6e261bc4b1b7bfb4","ssdeep":"","tlshash":"d301c07d5bc6206414f635802b3abb4b383713be2ca75805898c4414b258bafb21acec","first_seen":"2025-06-06T00:54:42.77526Z","last_seen":"2026-04-03T23:08:14.826652Z","times_seen":587,"resource_available":true,"data":null}},"time_used":72,"timings":{"blocked":17,"dns":0,"connect":1,"send":0,"wait":33,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.4446k.com/assets/gradient.webp","fqdn":"cdn.4446k.com","domain":"4446k.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://cdn.4446k.com/","date":"2025-06-15T09:05:47.850Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.4446k.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Wed, 07 May 2025 10:11:43 GMT","end":"Tue, 05 Aug 2025 10:11:42 GMT"},"fingerprint":{"sha1":"91:71:B0:EF:9F:13:15:7D:CE:D7:6F:75:10:47:6E:AB:1E:82:11:2D","sha256":"6F:DC:DD:97:EE:76:A4:49:FD:D3:A7:2B:C6:21:ED:AB:17:82:F3:D9:A3:6E:6D:82:D5:67:5E:31:CC:B5:2C:CC"}}},"request":{"raw":"GET /assets/gradient.webp HTTP/1.1\r\nHost: cdn.4446k.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.4446k.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":2704,"data":"{\"d\":\"f001749978336924!m1Legacy!d=E8Z7ImNvbnRleHQiOlsiMTAzMjA2NjgwODgiLCIxNzQ5OTc4MzIxOTI2LjZlYjh4RlBVa1R1WiIsMSwxAB71LjMuNjAvbmV3L3QAEPMwMDAxNDQxNixudWxsAgD3LCJvbmxpbmUiBAe3aHR0cHM6Ly91cy50cmlwLmNvbS9pbmRleD9BbGxpYW5jZWlkPTEwMjc2NzQmU0lEPTI5MDQ5NzkmdXRtX2NhbXBhaWduPTM4OAAcAT3aX3N1YjE9OGNiYjMxZGVjYzNiNGU1N2E0OWQ4NmI5MTU4MjAzY2UGIv8yAFnvMzA2MiZsb2NhbGU9ZW4tdXMElQEHqgH8MTI4MADKAfsyNCw1NgDkAfswLDMsIgQj_yIAAAAA6XtcInZlcnNpb25cIjpcIlwiLFwibmV0Agj8Tm9uZQIM-HBsYXRmb3JtBBz_fQGwAgE2-WZlZl9uYW0AIgUzAQ4ATQcH_nJnBwL9bGFuAwgAgAH-VVMDDftpemFyZAdO-CJTR1AtQUxJDrkBAKkB_HRydWUCAAcN-l0sImJ1cwCTA_5zcwPuAwLqAgBEBOYCAAfqY3RhZy5oYXNoLnVncWJpbHRqMmhhag5PDAACAP97AKYB_HRlclQAWQa3BOs0NjY5LCJpbnN0S2V5IjoiMjI1ODUArwT7Im5wbVYDwwIAE_sxLjYuNQMP_0UPMf00MTcAtQH5aXpUb2tlbgG1AQDEAQCrBP4iOgPkAf5mcgDQAvx3b3JrAEb5d2ViLWNvcgDzBPkidGNwU2VuACP7ZmFsc2UAgQHyc1N1cHBvcnRXYXNtIjoClAIAEv9PAcsD_mVhAFT_IgEPATX_bAAyAAoDnwUBjwL2YXB0YWluQXBwSQEWBuQFABj3bHNTaXplIjo0AKkE-yJ1YnRfAbAD_XVhZwAQAIoCAB4BEPljdXJyZW5jAfsB_VVTRAQO_XNpdAEh_lVTBAkDkgUCMgDqAwAS_ndjB5YC-jIuMC42MQQj_XJlcQH5AQabB_UzNjkyNDdjNzhsbwQb-2JhdGNoAh_6YzEyMiJ9AK0C_HVzZXIAtwIDrALoTTotMSwyMzA4MTVfSUJVX3B3YXloOkE7BRD9NTI5AhP8T1RTSgcN_DEyMTgDEf5IUwYN_DQwOTADJ_xwY2FiAhL-NzgAFADYBAMn-0hURzpCABP3NDAsMjUwNDA3BTv8QjpFOwWVCP8iAZ4B-2J0TGlzAYgJ-1sxNTMsB9QB_zEB-wP8dHJhYwKYA_hpbGVkX3RsIgDrBP9rAs0E_GlidV8D5Qj6X3Byb21vAPsB_G5uZXIAzgL-YWQALvV2YWwiOnsiZGF0YQAqAIIHANYD-WdnZXJ0eXADggf7YnJvd3MDsgcDNAATACT3d2lkZ2V0X3BvAKYDBeYH_jEwA9kHAWMBEf9pA4QH_DE1NTAEEwki_zUAnwcBnwcOvwRL2gMR3QMA7wMAwgL_NAq4AgCEB3_DARiqAv85APkKD7MC_zZ9xQH_NQm5Av8yAOMHf8MBF6sC_DgxOTEPsgL_N33EAf82Mo8C-mFkc19leADHAfl1cmVfMXB4Ea8C_nB2AvUB_zEBlw4CiwEMoQ4CnAL_SQIeAaEHAA_-bWEA3Qz9aWFsAw_5MDQ1MDk4OAAVAIQSAjf9e1xcBy0ACAUxAAj6c2NoZW1lBQ_5MDAyMTMwNwMUAM4B_HRlZ3kGE_w1MzQ5AJAMAQr1d2hldGhlclJhY2kAzA8BGwHkDP99ApoB_GFkU3AAhwIChwH-NjUBmwECjhIAC_81AbkBAJQDBKABBpMTAb4B_W9kdQTiAfxob21lASIAnhL-cm8A4Av_bACyAgNT-mN0aXZlSQRG_zQADwPPAv5BZADsDf90ALANBNUMA94G_C4xLjEA5gYAI_FNSU5fREVBTFNfQ09VTlQAHP8zer0D_zcKrQQAwxJxxgMBlgkPqAT6Mzc0MzUyGp0EAzMQpwT8MTgyNADIAxGmBP40NABU_zk4_wP_NknuAwGDBX-4AzGGBP84Cq0E_zJyxQMBiwsNqQT_NQDNFQCAChicBAMwDqUE_jcwAPoZEp8EBxAz_AMAwQlH6AMB-wR_sAMx_gP_OQqlBAD3Gy6BBH-gDH-gDH-gDGrJA_82AK0ge7gDf5wMf5wMf7QDLIcEANokCKsE_zRuxQN_mAx_mAx_rAMlhgT_MgijBADUKfwsIm1lAIMB_2MEtyL-eyIB0CgAMPhiYnpfcGVyZgCfJPZzb3VyY2VfdGltAOwCAbcB_mFnAN8l_3sA3AQBDQHpJf9bAK0EBoMpBZUr_GFrLWQCmiv9Y2RuA5wr_20A2AH5cy8wYTE0bAC3G_AwMGRveGQ5bXdEMzMwLmpwAJwpAKwC_WRvbQCcJgJEDTECG_l0b3RhbFRpAmf_NwHPAwCkKP1yeVQF7x0FpgEDJvlyYW5zZmVyAdMmABsAqyj9NjQzABX7c3RhcnQEPQCoD_80AckD_HR0ZmIBmAMAjQkAgQH-d24B5B4BDAEs_WRucwQnAcwEAIkoCAP5cmVkaXJlYwVH_TB9XQLgJwC2Bf5vcgGwAwDCKAS9KP9wAOYG_lVyAOMGF6UtG4Io_2YAuwb9U0RLBecoBLQsCcYnEqkp_30C2AcAiyn8OjF9XQCZJv9zAMYpCYgqAu4n_30\u0026ac=b\"}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 15 Jun 2025 09:05:47 GMT\r\ncontent-type: image/webp\r\ncontent-length: 4220\r\nserver: nginx\r\nlast-modified: Fri, 06 Jun 2025 09:47:40 GMT\r\netag: \"6842b93c-107c\"\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nexpires: Tue, 17 Jun 2025 09:05:47 GMT\r\ncache-control: max-age=172800\r\nvary: Accept-Encoding\r\nx-cdn-host-id: ah0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4220,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"f7acc178e40a1f2dec9aaee44523ec83","sha1":"436d8c3e99ea5a7ff63652dda6bb6a2f11568f20","sha256":"470a4deebc961567c39bdbe888c9608fc5088315f615af91f1bfde62217f6a5d","sha512":"9b49faf487addfa5896151b299a25cecb2e3bf5fb5e4a3ebceb5fb7f5dee37ee9df90255ffde3c81889863c33cfacdf611733e26342cb2fe261d78e6865b0863","ssdeep":"96:G0zt3S3NB26CC0JpxM4nH544gCCQG65ZK2SKW9:7ztid8ZX544gCC2ZK2S19","tlshash":"c6913b0e2388af22d2a43db495e7bbd5f34b36508a04c7f2b33502080f99487fe1d245","first_seen":"2025-06-06T00:54:42.785137Z","last_seen":"2026-04-03T23:08:14.829473Z","times_seen":587,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.4446k.com/favicon.ico","fqdn":"cdn.4446k.com","domain":"4446k.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://cdn.4446k.com/","date":"2025-06-15T09:05:47.996Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.4446k.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Wed, 07 May 2025 10:11:43 GMT","end":"Tue, 05 Aug 2025 10:11:42 GMT"},"fingerprint":{"sha1":"91:71:B0:EF:9F:13:15:7D:CE:D7:6F:75:10:47:6E:AB:1E:82:11:2D","sha256":"6F:DC:DD:97:EE:76:A4:49:FD:D3:A7:2B:C6:21:ED:AB:17:82:F3:D9:A3:6E:6D:82:D5:67:5E:31:CC:B5:2C:CC"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: cdn.4446k.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.4446k.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":43,"data":"{\"locale\":\"en-US\",\"sceneType\":\"head.sayhi\"}"}},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Sun, 15 Jun 2025 09:05:48 GMT\r\ncontent-type: text/html; charset=utf-8\r\nserver: nginx\r\ncontent-encoding: br\r\nx-cdn-host-id: ah0543\r\nx-proxy-cache: MISS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":146,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-04-04T06:44:39.735671Z","times_seen":477695,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.4446k.com/","fqdn":"cdn.4446k.com","domain":"4446k.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-06-15T09:05:47.076Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.4446k.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Wed, 07 May 2025 10:11:43 GMT","end":"Tue, 05 Aug 2025 10:11:42 GMT"},"fingerprint":{"sha1":"91:71:B0:EF:9F:13:15:7D:CE:D7:6F:75:10:47:6E:AB:1E:82:11:2D","sha256":"6F:DC:DD:97:EE:76:A4:49:FD:D3:A7:2B:C6:21:ED:AB:17:82:F3:D9:A3:6E:6D:82:D5:67:5E:31:CC:B5:2C:CC"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: cdn.4446k.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":465,"data":"{\"channel\":\"home\",\"pageId\":\"10320668088\",\"currency\":\"USD\",\"locale\":\"en-US\",\"source\":\"ONLINE\",\"url\":\"https://us.trip.com/index?Allianceid=1027674\u0026SID=2904979\u0026utm_campaign=38874\u0026trip_sub1=8cbb31decc3b4e57a49d86b9158203ce\u0026trip_sub2=103062\u0026locale=en-us\",\"version\":\"M:-1,231218_IBU_OHS:A;\",\"head\":{\"cid\":\"\",\"ctok\":\"\",\"cver\":\"1.0\",\"lang\":\"01\",\"sid\":\"8888\",\"syscode\":\"09\",\"auth\":\"\",\"xsid\":\"\",\"extension\":[],\"Locale\":\"en-US\",\"Language\":\"en\",\"Currency\":\"USD\",\"ClientID\":\"\"}}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 15 Jun 2025 09:05:47 GMT\r\ncontent-type: text/html; charset=utf-8\r\nserver: nginx\r\nlast-modified: Fri, 06 Jun 2025 09:47:40 GMT\r\netag: W/\"6842b93c-2ce8\"\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ncontent-encoding: br\r\nexpires: Tue, 17 Jun 2025 09:05:47 GMT\r\ncache-control: max-age=172800\r\nvary: Accept-Encoding\r\nx-cdn-host-id: ah0543\r\nx-proxy-cache: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":11496,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (10609)","md5":"e38a336136608adda202d3792d740f43","sha1":"08111e1c1159ba7b1bd0912ff1377952ba295b64","sha256":"c86a1b3cbbc817b6c4fcc57929a9bd4a980e2f5ed488f56fa1637cdb2f16cbc3","sha512":"e1a7072858a6b6d8d5631fb617ac34bc5a174bf8706a4a3c3186ec87c3762039d9cd9ae37c48792bddf1ba719dc3c19a606c916cfc7d32ea645636b70a0130db","ssdeep":"192:ay/48j1yUBSEaVDxwjGPyXc8fLHQRUn6vyJKKBKQZksgyj7eX69y6:VBI06PyXPLgm6vyMKBD72q","tlshash":"d53208331184742e1233c4e876a23b5a72415116cb279b99f86d84accfceeb71e3578d","first_seen":"2025-06-06T00:54:42.787794Z","last_seen":"2025-06-15T09:06:09.641761Z","times_seen":2,"resource_available":false,"data":null}},"time_used":615,"timings":{"blocked":298,"dns":81,"connect":19,"send":0,"wait":19,"receive":0,"ssl":193},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/plusjakartasans/v11/LDIoaomQNQcsA88c7O9yZ4KMCoOg4Ko20yyghfvaZ-E.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://cdn.4446k.com/","date":"2025-06-15T09:05:47.873Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 19 May 2025 08:42:51 GMT","end":"Mon, 11 Aug 2025 08:42:50 GMT"},"fingerprint":{"sha1":"E1:0C:8D:E3:24:8F:B1:9F:BA:8E:CF:BE:4B:8F:D6:6A:39:8A:9D:7A","sha256":"65:E8:EC:B6:A5:E1:94:E8:E7:9C:45:2F:9C:4D:CE:2E:9C:DC:79:47:5E:91:13:17:89:CF:79:18:50:52:26:AE"}}},"request":{"raw":"GET /s/plusjakartasans/v11/LDIoaomQNQcsA88c7O9yZ4KMCoOg4Ko20yyghfvaZ-E.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://cdn.4446k.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":134,"data":"{\"appId\":\"5278\",\"categoryList\":[\"ubtconfig\"],\"head\":{\"appid\":\"5278\",\"cid\":\"1749978321926.6eb8xFPUkTuZ\",\"cver\":\"000.001\",\"sid\":\"8892\"}}"}},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 27236\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Mon, 09 Jun 2025 17:25:29 GMT\r\nexpires: Tue, 09 Jun 2026 17:25:29 GMT\r\ncache-control: public, max-age=31536000\r\nage: 488418\r\nlast-modified: Thu, 29 May 2025 22:06:30 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":27236,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 27236, version 1.0","md5":"a8c28b27501f763423d96717c43243df","sha1":"e845ac57b3fee2c68ec6cdb95114ef3541fa3d11","sha256":"b6698c39332c51112c720e8a92608b4eeed502f654b63fc1693b8cccfc856d4d","sha512":"3e3af79fd415b3e4d3cbcd7f9bce2a7fa5c09b1ad5a38c6f2e971852c7973eae1b8ac85a4664f8c7af34f6c489f563cc35f82aecd32b1be8af70ce2612b0e3d3","ssdeep":"384:TOfiFJZpa1LuoEeC5s2xCWnEgdMqCF+FSe5LuxyrPyP2hbgBizhxCvw9k3kwA0y2:XW1l+s2xC8LSs2P2yitawWU50Z","tlshash":"f5c2e0676b05362dbcc47380135b8f262a5071b5566cca61787bef4e3a9b03a903cba5","first_seen":"2025-06-03T19:01:05.870661Z","last_seen":"2026-04-04T06:50:33.527751Z","times_seen":7747,"resource_available":false,"data":null}},"time_used":177,"timings":{"blocked":78,"dns":1,"connect":7,"send":0,"wait":9,"receive":8,"ssl":70},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"my.rtmark.net/img.gif?f=sync\u0026partner=a86cac3c7b90fe9e4a995ae094e38cb961f30649a9539312ee91a6c1ceaf4c58\u0026ttl=\u0026rurl=https%3A%2F%2Fcdn.4446k.com%2F","fqdn":"my.rtmark.net","domain":"rtmark.net","tld":"net"},"ip":{"addr":"172.64.146.234","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://cdn.4446k.com/","date":"2025-06-15T09:05:48.386Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"my.rtmark.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 02 May 2025 11:10:51 GMT","end":"Thu, 31 Jul 2025 12:10:47 GMT"},"fingerprint":{"sha1":"61:93:FB:BF:25:C3:CE:7B:CB:69:5D:87:04:AA:ED:1B:35:8D:44:82","sha256":"2F:CB:F2:70:8A:C5:50:57:3B:93:56:95:F9:30:FB:DF:B1:05:75:01:74:1C:42:6B:4D:C3:6A:68:D7:F5:A0:20"}}},"request":{"raw":"GET /img.gif?f=sync\u0026partner=a86cac3c7b90fe9e4a995ae094e38cb961f30649a9539312ee91a6c1ceaf4c58\u0026ttl=\u0026rurl=https%3A%2F%2Fcdn.4446k.com%2F HTTP/1.1\r\nHost: my.rtmark.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.4446k.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 15 Jun 2025 09:05:48 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token\r\naccess-control-expose-headers: Authorization\r\naccess-control-allow-credentials: true\r\nset-cookie: ID=0881e96b82754fe0e7876c3c8f99c26d; expires=Mon, 15 Jun 2026 09:05:48 GMT; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\ncf-ray: 9500e8656d5bb518-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"b4491705564909da7f9eaf749dbbfbb1","sha1":"279315d507855c6a4351e1e2c2f39dd9cd2fccd8","sha256":"4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49","sha512":"b8d82d64ec656c63570b82215564929adad167e61643fd72283b94f3e448ef8ab0ad42202f3537a0da89960bbdc69498608fc6ec89502c6c338b6226c8bf5e14","ssdeep":"","tlshash":"c5900403d140d041c351c0300d0cc740174471304514030f70fc175dfc353510c13000","first_seen":"2023-04-05T09:54:56Z","last_seen":"2026-04-04T06:36:29.343204Z","times_seen":96356,"resource_available":true,"data":null}},"time_used":42,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}